Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21960
Total
1564
Critical
6679
High
7025
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-47223 | MEDIUM | 5.4 | NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the … | Jun 12, 2026 |
| CVE-2026-47216 | UNKNOWN | — | Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multi_search endpoint. A specially … | Jun 12, 2026 |
| CVE-2026-44173 | MEDIUM | 5.0 | MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 … | Jun 12, 2026 |
| CVE-2026-44172 | UNKNOWN | — | MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it … | Jun 12, 2026 |
| CVE-2026-44171 | MEDIUM | 6.3 | MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 … | Jun 12, 2026 |
| CVE-2026-44170 | UNKNOWN | — | MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 … | Jun 12, 2026 |
| CVE-2026-44169 | MEDIUM | 4.3 | MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting … | Jun 12, 2026 |
| CVE-2026-44168 | HIGH | 8.0 | MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 … | Jun 12, 2026 |
| CVE-2026-7387 | HIGH | 8.8 | Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Mattermost fails to require role-management authorization when setting the scheme_admin flag … | Jun 12, 2026 |
| CVE-2026-7184 | MEDIUM | 6.5 | Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated … | Jun 12, 2026 |
| CVE-2026-6961 | HIGH | 7.6 | Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Mattermost fails to sanitize FileInfo.Name received from federated peers during shared … | Jun 12, 2026 |
| CVE-2026-6739 | MEDIUM | 6.7 | Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to require system-level permission when patching protected default system roles, … | Jun 12, 2026 |
| CVE-2026-6689 | MEDIUM | 4.3 | Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team … | Jun 12, 2026 |
| CVE-2026-6046 | MEDIUM | 5.3 | Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to validate that a username returned during bot registration belongs … | Jun 12, 2026 |
| CVE-2026-53982 | MEDIUM | 6.5 | Cap-go Console < 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering … | Jun 12, 2026 |
| CVE-2026-53981 | HIGH | 7.6 | Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change … | Jun 12, 2026 |
| CVE-2026-47224 | MEDIUM | 4.3 | NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-overflow read exists in the … | Jun 12, 2026 |
| CVE-2026-47222 | MEDIUM | 5.4 | NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the … | Jun 12, 2026 |
| CVE-2026-3840 | HIGH | 7.1 | A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path()` method in `kedro/io/core.py` directly … | Jun 12, 2026 |
| CVE-2026-3433 | MEDIUM | 4.3 | Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to restrict role_updated websocket event broadcasts to members of the … | Jun 12, 2026 |
| CVE-2026-9641 | MEDIUM | 5.3 | Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used … | Jun 12, 2026 |
| CVE-2026-9638 | HIGH | 7.5 | Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for … | Jun 12, 2026 |
| CVE-2026-8828 | UNKNOWN | — | A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or … | Jun 12, 2026 |
| CVE-2026-5792 | MEDIUM | 6.5 | Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud (RMC) allows Brute Force. This issue affects Related Marketing … | Jun 12, 2026 |
| CVE-2026-53568 | UNKNOWN | — | Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerablity in Frappe Report/List View. This issue … | Jun 12, 2026 |